OGEL IT | IT Services & Cloud Solutions Provider | G-Cloud Supplier

“Hi Ho, Hi Ho, and off to work we go”

With the Government giving guidance on the impending lift of restrictions and a roadmap which could see the country return to a degree of normal, organisations are preparing to ease staff back into the workplace by ensuring safe, productive environments that can accommodate the imminent changes when they reopen their doors. But what does this look like? Have they considered adopting the hybrid work culture?

How things have changed
When government mandated people stay at home, it forced a change in our normal work environment. The shift to working from home, a novelty for most, was made the norm by COVID-19. Many organisations have realised a surprisingly high level of productivity among their distributed workforces, which has led to speculation about the future of office space.

In recent research conducted by CIPD, 40% of employers noted that they expect more than 50% of their entire workforce to continue to work from home post-pandemic. This is a dramatic jump from the previous 5% who always worked from home prior to the COVID-19 outbreak, according to the Office of National Statistics. This is where a hybrid approach to conducting business as usual becomes the key to a successful return to work and smooth transition back into the office.

What is a Hybrid Working Model?
The hybrid working model, or hybrid work culture, is a relatively new term used to describe the way in which organisations are having to conduct business during and post COVID. It is essentially a work style that allows employees to use a combination of working from home, on the go, or the office, and encourages autonomy and flexibility for staff.

To have a truly effective hybrid work model in any business, a degree of change in your current IT structure is extremely important. Some effective adaptations would include things such as hot desking – a controversial concept in today's times, but a dynamic approach that could provide a more flexible solution that encourages social distancing.

What is hot desking?
Essentially, it is about building a network where people can share work facilities, and while this concept might sound counterintuitive to safety guidelines, it may also be the solution.

While traditional office spaces saw desks clustered together, hot desking offers the ability for staff to sit anywhere they like. It eliminates the need for private, dedicated workspaces, allowing staff the choice of sitting at a minimal safe distance from colleagues, or at a cautious distance anywhere in the building. They will be able to plug their device into the network and continue their day without limitations. This flexibility for staff may well also reduce anxiety around returning to work for some employees.

In terms of sanitation and reducing the risk of spreading infection, hot desking may even make disinfecting workstations easier. This is because desks effectively won’t be personalised with trinkets, making prior and post disinfecting straightforward.

Other benefits of this design include allowing visitors to the site to use the network without compromising on security, by ring-fencing them from corporate resources while allowing use of peripherals and Wi-Fi.

In a study conducted by Vodafone in 2013, using data from Companies House and the Department for Business, Innovation and Skills (BIS), it was suggested that organisations such as UK plc. could save up to £34 billion by freeing up workspace and working more flexibly.

Where do you start?
OGEL IT LTD. have effectively implemented this hybrid method for some of our clients. One client was a campus of 7 different organisations, each managing their own device authentication within the system, known as decentralised control. The previously separate structures of these organisations meant that most had their own IT services and others shared various elements, creating a complex and disparate environment. Our client wanted to rethink this approach and create a dynamic network that would allow changes over time and act as a mediator between connected devices and their associated back-end infrastructure. This would enable true hot desking without the need for client-server VPN connections.

The principle behind this design was that a network layer would span all 7 sites and identify connected devices using agreed methods/protocols. It would then use this information to determine the back-end infrastructure, or network, associated with that user's device and provide suitable configuration which would allow the device to operate in a similar manner as it would have previously on the old network. The design meant the users would still only have access to what they previously had access to, but their connectivity to each other over the 7 sites was simplified and centralised.

Once a tenant/organisation connected to the new centralised network, it would provide suitable information on each connected device within that tenant/organisation, claiming it as theirs and owned by that tenant. This would then authorise them on that network. In the absence of this confirmation, the device would be isolated from the tenants’ services and only provided with a direct internet connection to enable client-server VPN communication or internet browsing. The ability to distinguish between authorised devices and unauthorised devices means the design would allow all visitors to the site the capability to connect to the network and make use of the tenant’s Wi-Fi and peripheral devices, i.e. printers, scanners and monitors, but they would not have access to corporate resources.

What does this look like from a network design point of view?
This design focused on the local area network (LAN) within each building or campus to simplify the implementation; however, consolidating WAN connectivity after implementation becomes a much simpler task, further increasing the return on investment. There were requirements for some shared services such as routing and firewalling; however, it acts primarily as a proxy between the connected device and the associated tenant’s network requirements within the same building or campus. We worked closely with our client to collect useful information regarding their higher-level networking requirements across all the existing tenants and used that to feed into the new development. The purpose of this exercise was to allow us to create a high-level design for a multi-tenant network to support all users on a common infrastructure.

We incorporated multiple edge switch stacks into the network design and placed them throughout the campus as required to accommodate the number of end users and devices. Each of the switch stacks or Wi-Fi access points (where individual users are able to connect their devices) essentially has an identical configuration. All edge ports are held by default in a holding state that gives no network access to any device once connected, and instead challenges the device for authentication. These authentication details are then forwarded on to the Centralised Authentication service for processing, and the response from this service tells the edge network how to treat each connected device. This means a user/employee of the tenant that has access to XYZ can access XYZ, whereas a user of ABC can only have access to ABC. Alternatively, a visitor to the site will only ever have access to peripherals, Wi-Fi and any shared building services. The edge network deliberately has no concept of what the device is, who it belongs to, or what it will be used for. It simply places devices into VLANs, based on responses to authentication requests sent to the Centralised Authentication Service. Tenants have no administration access to this layer, and all control is via the Centralised Authentication service and their own Delegated Authentication Service.
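
The decision flow described above (tenant claims, default isolation, VLAN placement by the central service), modelled as an added example; it is not OGEL's or the client's implementation. The VLAN IDs, device identifiers, class names and function names are hypothetical, and treating an unreachable delegated service or conflicting tenant claims as "no claim" is an assumption the article does not state.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed values: VLAN IDs and device identifiers are illustrative only.
VISITOR_VLAN = 900                       # internet, Wi-Fi and peripherals only
TENANT_VLANS = {"XYZ": 110, "ABC": 120}  # one VLAN per tenant network

@dataclass(frozen=True)
class Decision:
    vlan: int
    tenant: Optional[str]   # None means the device is treated as a visitor
    reason: str

class DelegatedAuthService:
    """Hypothetical stand-in for one tenant's own authentication service."""
    def __init__(self, tenant, owned_devices, reachable=True):
        self.tenant = tenant
        self.owned = set(owned_devices)
        self.reachable = reachable

    def claims(self, device_id):
        if not self.reachable:
            raise ConnectionError(f"{self.tenant} delegate unreachable")
        return device_id in self.owned

def central_decide(device_id, delegates):
    """Centralised service: map a device's identity to a VLAN for the edge port."""
    claimants = []
    for delegate in delegates:
        try:
            if delegate.claims(device_id):
                claimants.append(delegate.tenant)
        except ConnectionError:
            continue  # assumption: no answer counts as no claim (fail closed)
    if len(claimants) == 1 and claimants[0] in TENANT_VLANS:
        tenant = claimants[0]
        return Decision(TENANT_VLANS[tenant], tenant, "claimed by tenant")
    if len(claimants) > 1:
        # assumption: conflicting claims are never resolved in a tenant's favour
        return Decision(VISITOR_VLAN, None, "conflicting claims")
    return Decision(VISITOR_VLAN, None, "no valid claim")

if __name__ == "__main__":
    delegates = [
        DelegatedAuthService("XYZ", {"dev-xyz-01", "dev-shared"}),
        DelegatedAuthService("ABC", {"dev-abc-01", "dev-shared"}),
    ]
    for dev in ("dev-xyz-01", "dev-abc-01", "dev-guest", "dev-shared"):
        print(dev, central_decide(dev, delegates))
```

The edge port only ever receives the resulting VLAN, which matches the article's point that the edge network has no concept of who owns a device.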

Services we were able to incorporate into the design
Our client had specific network requirements outlined in the scope of this project, and OGEL was able to meet these requirements with our high-level design so that all business activity could continue as normal but within a much easier to manage centralised and controlled environment. Where possible, we advised where responsibility for said requirements fell, whether it was supported by the underlay network or whether individual tenants would need to activate certain functionality for these requirements to be possible, as the Underlay network would simply facilitate connectivity or abilities.

Some of the requirements we incorporated into our network design, or were able to advise on, included:

  • EduROAM - Roaming internet connectivity across campus and when visiting other participating institutions by simply opening their laptop.
  • GovWiFi – Roaming internet connectivity for visitors from other government departments and guests.
  • Zero Touch Connectivity – Docked or undocked secure connectivity to network
  • Visitor Connectivity and returning guest services – remembering returning guests and authorising limited access. Subject to T&C’s GDPR retention acceptance
  • Wireless roaming
  • User and visitor printing
  • Service continuity – fall back between wired and wi-fi services should connectivity fail


How can we help with your transformation project?
We understand the challenges IT teams are facing in terms of keeping up with constantly changing and evolving technologies and making full use of them in a modern society that requires everything to be fast, secure, and remote.

We don’t design a service for you, we design it with you, making sure that it’s right for your organisation.  We use our knowledge and expertise to help and guide organisations to adopt better solutions, maximise productivity and simplify day to day management. Our resources have a wealth of experience in designing and delivering successful projects that are secure, and easy to manage.

Now is a great time to get in touch to see how we can support you with your next transformation project.